%-----------------------------------------------------------------------------
\chapter{Implementation (Hausegger)}
%-----------------------------------------------------------------------------

\section{Chosen implementation}
%Haui, add a short paragraph like this to every chapter as well.
Based on the defined tasks, objectives and related criteria, 
the following technologies were selected for implementation.

%todo
%It does not work that easily on Google Cloud Platform.
%But keep Google Cloud Platform in here.
%Add Rackspace as well.
%In the results, write that Google Compute Engine does not simply work -
%a custom image would have to be created - Rackspace offers a predefined,
%ready-made image. Hence Rackspace.
\subsection{Google Cloud Platform}
On the Google Cloud Platform, various kinds of applications, ranging from single
applications executed in shared application environments to whole customized
operating systems, can be executed in Google's datacenters
\cite{google-cloud-platform}.


\subsubsection{Google Cloud Compute engine}
{\bf Google's Cloud Compute engine can be used to execute virtualized operating
systems.} \underline{Therefore}, customers can install any software they want on
these operating systems. \underline{Furthermore}, this execution environment is
ISO-27001 \cite{iso27001} certified \cite{google-cloud-compute-engine}, which
means it can be assumed to be a very secure hosting environment. For this
reason, it was chosen as a hosting platform for the present implementation.


\subsection{Hostvirtual.com}
Host Virtual, Inc. is another cloud hosting provider that offers virtualized
operating systems and operates different datacenters worldwide
\cite{HostVirtual}. \underline{In addition}, the company offers many different
pre-built virtualized operating system images that customers can utilize without
expensive setup and configuration steps.


\subsection{Vyatta}
{\bf Vyatta is a specialized Linux operating system with a software suite on top
that provides various network security solutions supporting IPv4 and IPv6,
including:}

\begin{enumerate}
  \item virtual router implementation
  \item virtual firewall implementation
  \item OpenVPN server
\end{enumerate}

\underline{Therefore}, it can be assumed to be extensible for future needs that
exceed the current tasks and objectives. \underline{Furthermore}, it is open
source, widely used, and designed to support virtual machines and various
hosting providers out of the box. \underline{For these reasons}, it was chosen
for the software part of the current implementation.




%-----------------------------------------------------------------------------
\section{Results of the implementation}
%-----------------------------------------------------------------------------
%The chosen implementation yields the following important results and
%intermediate steps.


\subsection{Google Cloud Platform}
{\bf\underline{First of all}, the results show that it is possible to set up a
 specialized, self-configured operating system image on the Google Cloud
 Platform, but this is a very time-consuming task involving many different
 steps.} \underline{Furthermore,} all guidelines and tutorials found for
 installing the Vyatta operating system assumed physical access to the
 computer and installing Vyatta directly from CD. \underline{Therefore}, trying
 to host the described solution on the Google Cloud Platform does not make sense
 compared to other, more specialized, hosting companies such as Hostvirtual.com.


 \subsection{Hostvirtual.com}
This hosting provider was selected for further implementation because it offers
Vyatta pre-installed virtual machines.



\subsection{Set up and system dashboard}
After registering on Hostvirtual.com and subscribing to one of the
various Vyatta hosting plans offered, the operating system was set up within ten
seconds. The resulting dashboard contains all of the necessary
information, as shown in figure~\ref{VyattaDasboard}.
  

\begin{figure}[htbp]
    \centering
    \includegraphics [width=16cm,angle=0] {figures/VyattaDashboard.jpg}
    \caption{Dashboard after installation of Vyatta}
    \label{VyattaDasboard}
\end{figure}  
  

\subsubsection{Accessing Vyatta after installation}
Immediately after installation, Vyatta is not remotely accessible.
\underline{However}, the selected hosting provider Hostvirtual.com offers a
specialized interface called "`\_Web Console"', which is similar to the command
line and is accessible via a web browser, as shown in figure~\ref{WebConsole}.
This interface can be found in the dashboard in the console section.


\begin{figure}[htbp]
    \centering
    \includegraphics [width=14cm,angle=0] {figures/WebConsole.jpg}
    \caption{Web console for working with Vyatta directly after installation}
    \label{WebConsole}
\end{figure}  


\subsubsection{Configuration of Core Vyatta components}
After logging in as user "`vyatta"', the Vyatta-specific configuration mode was
entered with the command "`configure"'. In order to connect to any kind of
network, the following commands using the hosting-provider-supplied IP address
have to be issued.

\lstinputlisting[language=bash]{figures/Networksetup.sh}


To verify the modifications and the current settings, the "`show"' command can be
issued (see figure~\ref{currentSettings}).


\begin{figure}[htbp]
    \centering
    \includegraphics [width=16cm,angle=0] {figures/currentSettings.jpg}
    \caption{Current settings of the Vyatta operating system}
    \label{currentSettings}
\end{figure}  

It is important to mention that "`+"' and "`-"' indicate modifications that
are not yet in effect and have to be committed with the corresponding
command "`commit"'. \underline{Furthermore}, all modifications are lost upon
restart of the operating system unless the command "`save"' is entered.
 
%todo OpenVPN in Conclusion etc

\subsubsection{Configuring Remote Access VPN using L2TP/IPsec with pre-shared
keys}
The L2TP/IPsec protocols support building remote access virtual private
networks without forcing clients to deal with digital certificates.
\underline{However}, clients need to know usernames and passwords, the so-called
pre-shared keys. For users, this is much more comfortable and intuitive
than dealing with digital certificates.
\newline
\newline
To set up the VPN solution, the following commands have to be issued in
configuration mode.

\lstinputlisting[language=bash]{figures/VPNsetup.sh}

\subsubsection{Configuring traffic forwarding}
To let clients connect not only to the VPN service and its host, but also access
the Internet through the VPN service, network address
translation (NAT) has to be set up using the following commands.

\lstinputlisting[language=bash]{figures/NAT.sh}
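
The VPN and NAT steps above end up as Vyatta "set" lines in the configuration. The following added example (not the thesis's own listings, which are included from external files) audits such a listing for a short IPsec pre-shared secret, weak local-user passwords and a masquerade rule that is not limited to the VPN client pool. The sample configuration with its addresses and credentials, the command syntax (assumed from Vyatta Core 6.5 or later), the length thresholds and the finding names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thesis: audit a Vyatta "set"-command listing.
# Constructed, deliberately weak sample; addresses, names and secrets are made
# up, and the command syntax is assumed from Vyatta Core 6.5 or later.
SAMPLE_CONFIG='set interfaces ethernet eth0 address 192.0.2.10/24
set system gateway-address 192.0.2.1
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access outside-address 192.0.2.10
set vpn l2tp remote-access client-ip-pool start 10.99.0.10
set vpn l2tp remote-access client-ip-pool stop 10.99.0.50
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret secret
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username alice password alice
set nat source rule 10 outbound-interface eth0
set nat source rule 10 translation address masquerade'

MIN_PSK_LEN=20   # assumed policy threshold, not a Vyatta default
MIN_PW_LEN=12    # assumed policy threshold, not a Vyatta default

# audit_config CONFIG: print one finding per line; no output means no findings.
audit_config() {
    printf '%s\n' "$1" | awk -v minpsk="$MIN_PSK_LEN" -v minpw="$MIN_PW_LEN" '
    $2 == "vpn" && $3 == "l2tp" && $7 == "pre-shared-secret" {
        # The IPsec pre-shared secret is the same for every client.
        if (length($8) < minpsk) print "psk-too-short"
    }
    $2 == "vpn" && $3 == "l2tp" && $6 == "local-users" && $9 == "password" {
        # Per-user L2TP credentials: short or equal to the username.
        if (length($10) < minpw || $10 == $8) print "weak-password:" $8
    }
    $2 == "nat" && $3 == "source" && $4 == "rule" {
        if ($6 == "translation" && $8 == "masquerade") masq[$5] = 1
        if ($6 == "source" && $7 == "address") src[$5] = 1
    }
    END {
        # Masquerading without a source address translates all outbound
        # traffic on the interface, not only the VPN client pool.
        for (r in masq) if (!(r in src)) print "nat-unrestricted:rule-" r
    }'
}

# count_findings CONFIG: number of findings reported by audit_config.
count_findings() {
    audit_config "$1" | grep -c . || true
}

audit_config "$SAMPLE_CONFIG"   # prints the three findings for the sample
```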

%Forget this step
%\subsection{Testing the VPN service utilizing Windows 7}
%In order to make sure the VPN service is working proberly  

%Forget this
%\subsubsection{Testing the VPN connection with openconnect client software}
